
21959 matches found

CVE
added 38 minutes ago, 6 views

CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions...

7.1 CVSS, 5.8 AI score
Exploits 0, References 1
Cvelist
added 38 minutes ago, 3 views

CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions...

7.1 CVSS
Exploits 0, References 1
CVE
added 38 minutes ago, 4 views

CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions...

8.1 CVSS, 5.8 AI score
Exploits 0, References 1
Cvelist
added 39 minutes ago, 2 views

CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions...

6.5 CVSS
Exploits 0, References 1
CVE
added 39 minutes ago, 4 views

CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions...

6.5 CVSS, 5.8 AI score
Exploits 0, References 1
Cvelist
added 39 minutes ago, 2 views

CVE-2026-57690 WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions...

4.3 CVSS
Exploits 0, References 1
CVE
added 39 minutes ago, 9 views

CVE-2026-57690 WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions...

4.3 CVSS, 5.8 AI score
Exploits 0, References 1
Nuclei
added 2 hours ago, 13 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8 CVSS, 7.2 AI score, 0.01671 EPSS
Exploits 0, References 3
Nuclei
added 2 hours ago, 22 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8 CVSS, 7.4 AI score, 0.04184 EPSS
Exploits 3, References 2
Patchstack
added 2 hours ago, 5 views

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions <= 3.5.6...

8.8 CVSS, 5.8 AI score
Exploits 0, Affected Software 1
Patchstack
added 2 hours ago, 4 views

WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions <= 1.0.8.2...

7.1 CVSS, 5.8 AI score
Exploits 0, Affected Software 1
Patchstack
added 3 hours ago, 3 views

WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions <= 2.0.2...

7.1 CVSS, 5.8 AI score
Exploits 0, Affected Software 1
CVE
added yesterday, 8 views

CVE-2026-58451

CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...

7.1 CVSS, 5.9 AI score
Exploits 0, References 5
CVE
added yesterday, 6 views

CVE-2026-57723

CVE-2026-57723 affects the WordPress plugin VikBooking Hotel Booking Engine & PMS (e4jvikwp) up to version 1.8.12. The vulnerability is a CSRF to Arbitrary File Deletion issue, described as enabling path traversal that can delete arbitrary files. The CVE notes a HIGH impact with a CVSS 3.1 score ...

7.4 CVSS, 5.8 AI score
Exploits 0, References 1
Patchstack
added yesterday, 3 views

WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by ParkHyunWoo in WordPress Plugin Heateor Social Login versions <= 1.1.39...

8.1 CVSS, 5.8 AI score
Exploits 0, Affected Software 1
NVD
added yesterday, 6 views

CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated...

8.8 CVSS, 0.00205 EPSS
Exploits 0, References 6
Cvelist
added yesterday, 17 views

CVE-2026-12158 RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated...

8.8 CVSS, 0.00205 EPSS
Exploits 0, References 6
CVE
added yesterday, 11 views

CVE-2026-12158

The CVE pertains to the WordPress plugin RegistrationMagic – User Registration Forms Plugin, vulnerable to Cross-Site Request Forgery up to version 6.0.9.1 due to missing/incorrect nonce validation in process_request. This allows unauthenticated attackers to escalate a form submitter’s privileges...

8.8 CVSS, 5.8 AI score, 0.00205 EPSS
Exploits 0, References 6
NVD
added yesterday, 9 views

CVE-2026-58518

Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9 CVSS, 0.00157 EPSS
Exploits 0, References 2
NVD
added yesterday, 5 views

CVE-2026-11981

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3. This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...

4.3 CVSS, 0.00154 EPSS
Exploits 0, References 9